[Dshield] Time stamp accuracy
Jon R. Kibler
Jon.Kibler at aset.com
Thu Oct 7 16:00:25 GMT 2004
Alan Frayer wrote:
> On Wed, 2004-10-06 at 21:17, Johannes B. Ullrich wrote:
> > > Unfortunately, Netopia did not provide for automatic time sync in their
> > > routers, nor do they allow time to be set to the second, so time is
> > > likely to be an issue for me all of the time (I make adjustments as
> > > needed whenever I get inside the network, but that isn't very
> > > frequently).
> > doesn't sound like a very good router/fw :-/.
> I agree. Like so much technology these days, the guys using the stuff
> aren't the guys who bought it. But at least it has firewall and
> reporting capabilities!
Two thoughts on this issue:
1) Does your router support SNTP? I had some 800 series Cisco boxes that I was swearing at because they did not support NTP, but found that they support SNTP -- a protocol with which I was not familiar with prior to that issue. (Basically, SNTP relies on a single NTP server on a local network to provide accurate time feeds.)
2) Can your router log to syslog? If it can, set up a *nix box with an accurate clock, log to syslog, and your time stamps should be accurate +/- a second or so. Yes, you will have to reformat your logs for DShield, but at least that is a one-time problem.
Jon R. Kibler
Chief Technical Officer
Charleston, SC USA
Filtered by: TRUSTEM.COM's Email Filtering Service
No Spam. No Viruses. Just Good Clean Email.
More information about the list